Unlink cleaned up access tokens from refresh tokens

src/Manager/Doctrine/AccessTokenManager.php

@@ -8,6 +8,7 @@
 use League\Bundle\OAuth2ServerBundle\Manager\AccessTokenManagerInterface;
 use League\Bundle\OAuth2ServerBundle\Model\AccessToken;
 use League\Bundle\OAuth2ServerBundle\Model\AccessTokenInterface;
+use League\Bundle\OAuth2ServerBundle\Model\RefreshToken;
 
 final class AccessTokenManager implements AccessTokenManagerInterface
 {
@@ -50,12 +51,39 @@ public function clearExpired(): int
             return 0;
         }
 
-        /** @var int */
-        return $this->entityManager->createQueryBuilder()
-            ->delete(AccessToken::class, 'at')
+        /** @var array{identifier: string}[] */
+        $results = $this->entityManager->createQueryBuilder()
+            ->select('at.identifier')
+            ->from(AccessToken::class, 'at')
             ->where('at.expiry < :expiry')
             ->setParameter('expiry', new \DateTimeImmutable(), 'datetime_immutable')
             ->getQuery()
+            ->getScalarResult();
+        if (0 === \count($results)) {
+            return 0;
+        }
+
+        /** @var string[] */
+        $ids = array_column($results, 'identifier');
+
+        // unlink access tokens from refresh tokens
+        $this->entityManager->createQueryBuilder()
+            ->update(RefreshToken::class, 'rt')
+            ->set('rt.accessToken', ':null')
+            ->where('rt.accessToken IN (:ids)')
+            ->setParameter('null', null)
+            ->setParameter('ids', $ids)
+            ->getQuery()
             ->execute();
+
+        // delete expired access tokens
+        $this->entityManager->createQueryBuilder()
+            ->delete(AccessToken::class, 'at')
+            ->where('at.identifier IN (:ids)')
+            ->setParameter('ids', $ids)
+            ->getQuery()
+            ->execute();
+
+        return \count($ids);
     }
 }

tests/Acceptance/DoctrineAccessTokenManagerTest.php

@@ -123,10 +123,9 @@ public function testClearExpiredWithRefreshToken(): void
 
         $this->assertSame(3, $doctrineAccessTokenManager->clearExpired());
 
-        $this->assertSame(
-            $testData['output'],
-            $em->getRepository(RefreshToken::class)->findBy(['accessToken' => null], ['identifier' => 'ASC'])
-        );
+        $em->clear();
+
+        self::assertCount(3, $em->getRepository(RefreshToken::class)->findBy(['accessToken' => null], ['identifier' => 'ASC']));
     }
 
     public function testClearExpiredWithRefreshTokenWithoutSavingAccessToken(): void

tests/Acceptance/DoctrineClientManagerTest.php

@@ -22,7 +22,7 @@ final class DoctrineClientManagerTest extends AbstractAcceptanceTest
 {
     public function testSimpleDelete(): void
     {
-        /** @var $em EntityManagerInterface */
+        /** @var EntityManagerInterface $em */
         $em = $this->client->getContainer()->get('doctrine.orm.entity_manager');
         $doctrineClientManager = new DoctrineClientManager($em, self::getContainer()->get(EventDispatcherInterface::class), Client::class);
 
@@ -41,7 +41,7 @@ public function testSimpleDelete(): void
 
     public function testClientDeleteCascadesToAccessTokens(): void
     {
-        /** @var $em EntityManagerInterface */
+        /** @var EntityManagerInterface $em */
         $em = $this->client->getContainer()->get('doctrine.orm.entity_manager');
         $doctrineClientManager = new DoctrineClientManager($em, self::getContainer()->get(EventDispatcherInterface::class), Client::class);
 
@@ -74,7 +74,7 @@ public function testClientDeleteCascadesToAccessTokens(): void
 
     public function testSaveClientWithoutScopeAddDefaultScopes(): void
     {
-        /** @var $em EntityManagerInterface */
+        /** @var EntityManagerInterface $em */
         $em = $this->client->getContainer()->get('doctrine.orm.entity_manager');
         $doctrineClientManager = new DoctrineClientManager($em, self::getContainer()->get(EventDispatcherInterface::class), Client::class);
 
@@ -88,7 +88,7 @@ public function testSaveClientWithoutScopeAddDefaultScopes(): void
 
     public function testClientDeleteCascadesToAccessTokensAndRefreshTokens(): void
     {
-        /** @var $em EntityManagerInterface */
+        /** @var EntityManagerInterface $em */
         $em = $this->client->getContainer()->get('doctrine.orm.entity_manager');
         $doctrineClientManager = new DoctrineClientManager($em, self::getContainer()->get(EventDispatcherInterface::class), Client::class);
 
@@ -122,7 +122,7 @@ public function testClientDeleteCascadesToAccessTokensAndRefreshTokens(): void
                 ->find($accessToken->getIdentifier())
         );
 
-        /** @var $refreshToken RefreshToken */
+        /** @var RefreshToken $refreshToken */
         $refreshToken = $em
             ->getRepository(RefreshToken::class)
             ->find($refreshToken->getIdentifier())